Psychology of a con

One of the biggest security weak spots in all systems is the user. Yes, there are many complicated processes for attacking networks and cracking password files, but why bother with that when you can simply ask an inside user for their network credentials? I'm just getting caught up on email, so I have just read Bruce Schneier's December Crypto-Gram, which highlighted a great article by Paul J. Zak called "How To Run a Con". While this article is specific to traditional con men and their marks, the same logic applies to how easily data can be social-engineered out of so many users. We want to trust people, and most of all, we want to be trusted, too. Interesting reading!
Comments:

A recent XKCD comic illustrates another weakness: http://www.xkcd.com/538/

Posted by Chris on February 12, 2009 at 12:18 PM PST #

About

Valerie's former weblog. The new one can be found at http://bubbva.blogspot.com/
